Information about the intended cyber attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone.

According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise.

At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting.

"Our researchers have been poring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee.

"That, combined with some additional research we’re doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."

The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions."

Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets.

"We see the IP addresses and names of banks and so on or references to URLs."

Calhoun said the behavior of the Trojan suggests it is a variant of a previously known strain called Gozi. RSA labeled this latest version Gozi Prinimalka.

But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said.

Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers.

"This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities."

But Calhoun said the fact the malware has been detected allows for a defense to be mounted.

"Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it."

Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat.

"Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted."

The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.


Earl Blackledge

This protocol is designed to protect communication in a secure manner using TCP/IP. It is a set of security extensions developed by IETF, and it provides security and authentication at the IP layer by using cryptography. To protect the content, the data is transformed using encryption techniques. There are two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and Encapsulating Security Payload (ESP). These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.


Website is definitely down.
WF On-phone support: "..hmm... let me check into your account..."
me: "Don't give me that. This isn't the first time you've heard of this today."
WF On-phone support: "Heh heh. Yeah. I can't get into my account either since Tuesday."
I'm thinking.... RUN RUN RUN

I've got the answer!!!!!!!.........How come no one has thought of this before?!!!!!!!!.............It's...........It's..............."Tax breaks for the rich to fund cyber warfare!!!!!!!!!!!" Hahahahahahaaha

LIKE THE MALWARE THEY FOUND ISN'T A DIVERSION TO KEEP THEIR EGOS BUSY AND FALSELY CONFIDENT, WHILE OTHER PROGRAMS WILL ACTUALLY COME OUT IN THE REAL SECOND OR THIRD WAVE. IT TELLS ME THAT DODD/FRANK WILL NOT BE EXTENDED.

Okay so they know this might happen, you don't think the banks would be smart enough to make back up copies of people's funds, so if they are lost or corrupted they can simply reset with the right data. I mean it's a stretch that such a low technology would be used in a common sense fashion, I think they want to crash again and screw the recovery up even more than the republicans. This is a job for Super Bernanke, send him in there and all will be okay, blah blah blah

You don't need to have an online account to have it cleaned, hackers get into bank data. They will move money from your savings to your checking account and transfer the amount in small increments under 10k to get under the radar. Banks do not have to notify the FBI if the amount is under 10k. The banks like to keep quiet. Meanwhile customers rack their brains trying to figure out where someone could have hacked them.
All the hacker needs is your account number and routing number, no need for a password and all that security we customers have to jump through to make transactions. My son's accounts were cleaned out that way. Transfers were made from his bank to another bank under a bogus name. The receiving bank under our laws is responsible to return the transfers before they get debited or not. As a customer the law covers you, as a business account it's another story, money may be gone forever if the fraudulent transactions are not discovered in time. Keep an eye on your accounts.

You know, if people actually took security a little more seriously and actually stopped using online banking altogether until they all started using one-time token passwords, online banking would be almost 100% secure.

With one-time tokens, it doesn't matter if you know my username/password. As long as you are not in control of my physical dongle, you will never get in. Sadly there are video games that offer this cheap security to login, but for something like major banking it's nowhere to be found.

It's because of the infrastructure demand behind the dongle. The security empire and data processing capability that would be necessary to give one to each customer of a large major bank would be enormous.
... although, they are posting multi-billion dollar quarters

December 13, 2012 at 8:32 am


About this blog

CNN's Security Clearance examines national and global security, terrorism and intelligence, as well as the economic, military, political and diplomatic effects of it around the globe, with contributions from CNN's national security team in Washington and CNN journalists around the world.